{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-4318", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2026-03-17T10:23:59.177Z", "datePublished": "2026-03-17T15:02:10.145Z", "dateUpdated": "2026-03-17T15:15:34.047Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-03-17T15:02:10.145Z"}, "title": "UTT HiPER 810G formApLbConfig strcpy buffer overflow", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-120", "lang": "en", "description": "Buffer Overflow"}]}, {"descriptions": [{"type": "CWE", "cweId": "CWE-119", "lang": "en", "description": "Memory Corruption"}]}], "affected": [{"vendor": "UTT", "product": "HiPER 810G", "versions": [{"version": "1.7.7-171114", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability was determined in UTT HiPER 810G up to 1.7.7-171114. Affected is the function strcpy of the file /goform/formApLbConfig. This manipulation of the argument loadBalanceNameOld causes buffer overflow. The attack can be initiated remotely. The exploit has been publicly disclosed and may be utilized."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 8.7, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P", "baseSeverity": "HIGH"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R", "baseSeverity": "HIGH"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R", "baseSeverity": "HIGH"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 9, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR"}}], "timeline": [{"time": "2026-03-17T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2026-03-17T01:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2026-03-17T11:29:04.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "xiaoheshang404 (VulDB User)", "type": "reporter"}], "references": [{"url": "https://vuldb.com/?id.351362", "name": "VDB-351362 | UTT HiPER 810G formApLbConfig strcpy buffer overflow", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.351362", "name": "VDB-351362 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.772659", "name": "Submit #772659 | UTT HiPER 810G <=v3v1.7.7-171114 Buffer Overflow", "tags": ["third-party-advisory"]}, {"url": "https://github.com/xiaoheshang404/cve/issues/1#issue-4026284809", "tags": ["exploit", "issue-tracking"]}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-17T15:15:09.218878Z", "id": "CVE-2026-4318", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-17T15:15:34.047Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-4318", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-03-17T15:15:09.218878Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-17T15:15:13.755Z"}}], "cna": {"title": "UTT HiPER 810G formApLbConfig strcpy buffer overflow", "credits": [{"lang": "en", "type": "reporter", "value": "xiaoheshang404 (VulDB User)"}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 8.7, "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 9, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR"}}], "affected": [{"vendor": "UTT", "product": "HiPER 810G", "versions": [{"status": "affected", "version": "1.7.7-171114"}]}], "timeline": [{"lang": "en", "time": "2026-03-17T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2026-03-17T01:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2026-03-17T11:29:04.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/?id.351362", "name": "VDB-351362 | UTT HiPER 810G formApLbConfig strcpy buffer overflow", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.351362", "name": "VDB-351362 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.772659", "name": "Submit #772659 | UTT HiPER 810G <=v3v1.7.7-171114 Buffer Overflow", "tags": ["third-party-advisory"]}, {"url": "https://github.com/xiaoheshang404/cve/issues/1#issue-4026284809", "tags": ["exploit", "issue-tracking"]}], "descriptions": [{"lang": "en", "value": "A vulnerability was determined in UTT HiPER 810G up to 1.7.7-171114. Affected is the function strcpy of the file /goform/formApLbConfig. This manipulation of the argument loadBalanceNameOld causes buffer overflow. The attack can be initiated remotely. The exploit has been publicly disclosed and may be utilized."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-120", "description": "Buffer Overflow"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-119", "description": "Memory Corruption"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-03-17T15:02:10.145Z"}}}, "cveMetadata": {"cveId": "CVE-2026-4318", "state": "PUBLISHED", "dateUpdated": "2026-03-17T15:15:34.047Z", "dateReserved": "2026-03-17T10:23:59.177Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2026-03-17T15:02:10.145Z", "assignerShortName": "VulDB"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability was determined in UTT HiPER 810G up to 1.7.7-171114. Affected is the function strcpy of the file /goform/formApLbConfig. This manipulation of the argument loadBalanceNameOld causes buffer overflow. The attack can be initiated remotely. The exploit has been publicly disclosed and may be utilized."}, {"lang": "es", "value": "Se determin\u00f3 una vulnerabilidad en UTT HiPER 810G hasta la versi\u00f3n 1.7.7-171114. Afecta a la funci\u00f3n strcpy del archivo /goform/formApLbConfig. Esta manipulaci\u00f3n del argumento loadBalanceNameOld causa desbordamiento de b\u00fafer. El ataque puede iniciarse remotamente. El exploit ha sido divulgado p\u00fablicamente y puede ser utilizado."}], "id": "CVE-2026-4318", "lastModified": "2026-04-22T21:32:08.360", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "cna@vuldb.com", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "PROOF_OF_CONCEPT", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2026-03-17T15:16:19.650", "references": [{"source": "cna@vuldb.com", "url": "https://github.com/xiaoheshang404/cve/issues/1#issue-4026284809"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?ctiid.351362"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?id.351362"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?submit.772659"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}, {"lang": "en", "value": "CWE-120"}], "source": "cna@vuldb.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "1.7.7-171114"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "HiPER 810G", "source": "cna", "vendor": "UTT"}, "product": "hiper_810g", "vendor": "utt"}], "analysis": {"en": {"generated_at": "2026-03-17T16:45:39.060289+00:00", "value": {"mitigation_remediation": ["Check for and apply any available security patches or firmware updates for UTT HiPER 810G from the vendor", "If no patch is available, restrict external access to the /goform/formApLbConfig endpoint, for example by firewall rules or by placing the device behind a trusted network segment", "Enable logging on the device to capture unusual requests to loadBalanceNameOld and monitor for signs of exploitation", "Consider temporarily disabling load balancing configuration via administrative settings until a patch is applied", "Verify the integrity of device configuration after any changes and conduct a vulnerability scan to confirm remediation"], "summary": {"action": "Immediate Patch", "impact": "Remote Code Execution"}, "threat_synthesis": {"affected_systems": "All UTT HiPER 810G devices running firmware versions up to and including 1.7.7\u2011171114 are affected. No specific sub\u2011models or later releases are listed as impacted.", "description_and_impact": "A buffer overflow exists in the strcpy function within the /goform/formApLbConfig handler of UTT HiPER 810G. By manipulating the loadBalanceNameOld argument, a remote attacker can overflow a buffer, potentially leading to memory corruption. The vulnerability is identified as CWE-119 (Buffer Overflow) and CWE-120 (Buffer-Related Error). If successfully exploited, the attacker could gain arbitrary code execution or crash the device, impacting confidentiality, integrity, and availability of the network equipment.", "risk_and_exploitability": "The CVSS score of 8.7 indicates high severity. The exploit is publicly disclosed and can be initiated remotely through the formApLbConfig endpoint. While the EPSS score is not available and the vulnerability is not in the CISA KEV catalog, the remote nature and lack of mitigation make it likely to be targeted. Exploit conditions require the ability to send crafted input to the loadBalanceNameOld parameter."}}}}, "created": "2026-03-18T12:13:20.450725+00:00", "updated": "2026-03-24T10:49:15.366595+00:00", "vendors": ["utt", "utt$PRODUCT$hiper_810g"]}